- Apr 19, 2024
-
-
hzy authored
-
hzy authored
-
hzy authored
procd: update to 021ece8 Use /dev/console for serial console if exists
-
hzy authored
-
hzy authored
Invoking iptables require lots of CPU resources.
-
hzy authored
-
hzy authored
-
hzy authored
-
Robert Marko authored
Using BSS coloring is one way of improving performance on 802.11ax radios, currently its only enabled by users adding he_bss_color to their wireless UCI config. This made sense as one could easily get BSS color collision as BSS color range is 1-63. Hostapd now has a way of dealing with BSS color collisions so we can just assign a integer in the 1-63 range randomly if one is not set by users. Signed-off-by:
Robert Marko <robimarko@gmail.com>
-
hzy authored
-
hzy authored
-
hzy authored
-
hzy authored
-
hzy authored
-
hzy authored
-
hzy authored
-
hzy authored
-
Felix Fietkau authored
Useful for adding #ifdefs based on build system provided definitions, or for adding extra include paths Signed-off-by:
Felix Fietkau <nbd@nbd.name>
-
hzy authored
-
hzy authored
-
hzy authored
- Apr 27, 2023
-
-
Hauke Mehrtens authored
Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
- Apr 17, 2023
-
-
Eneas U de Queiroz authored
Apply two patches fixing low-severity vulnerabilities related to certificate policies validation: - Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464) Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. - Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465) Severity: Low Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Note: OpenSSL also released a fix for low-severity security advisory CVE-2023-466. It is not included here because the fix only changes the documentation, which is not built nor included in any OpenWrt package. Due to the low-severity of these issues, there will be not be an immediate new release of OpenSSL. Signed-off-by:
Eneas U de Queiroz <cotequeiroz@gmail.com>
-
- Apr 15, 2023
-
-
Daniel Golle authored
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size" which did not yet make it to stable upstream Linux trees. Fixes: #12232 Fixes: #12339 Signed-off-by:
Daniel Golle <daniel@makrotopia.org> (cherry picked from commit aad34818)
-
- Apr 13, 2023
-
-
Matthias Schiffer authored
007d94546749 uclient: cancel state change timeout in uclient_disconnect() 644d3c7e13c6 ci: improve wolfSSL test coverage dc54d2b544a1 tests: add certificate check against letsencrypt.org Signed-off-by:
Matthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit 4f1c2e8d)
-
- Apr 09, 2023
-
-
Daniel Golle authored
Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Daniel Golle authored
Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Paul Spooren authored
Setting this options modifies the rootfs size of created images. When installing a large number of packages it may become necessary to increase the size to have enough storage. This option is only useful for supported devices, i.e. with an attached SD Card or installed on a hard drive. Signed-off-by:
Paul Spooren <mail@aparcar.org> (cherry picked from commit 7b7edd25)
-
- Mar 30, 2023
-
-
Felix Fietkau authored
On any currently supported hardware, the performance impact should not matter anymore. Signed-off-by:
Felix Fietkau <nbd@nbd.name> (cherry picked from commit 75e78bca)
-
Felix Fietkau authored
Fixes CVE-2022-47522 Signed-off-by:
Felix Fietkau <nbd@nbd.name> (cherry picked from commit d54c91bd)
-
- Mar 29, 2023
-
-
Daniel González Cabanelas authored
The USB port on the MR8300 randomly fails to feed bus-powered devices. This is caused by a misconfigured pinmux. The GPIO68 should be used to enable the USB power (active low), but it's inside the NAND pinmux. This GPIO pin was found in the original firmware at a startup script in both MR8300 and EA8300. Therefore apply the fix for both boards. Signed-off-by:
Daniel González Cabanelas <dgcbueu@gmail.com> Reviewed-by:
Robert Marko <robimarko@gmail.com> (cherry picked from commit ed64c332) Signed-off-by:
Steffen Scheib <steffen@scheib.me>
-
Hauke Mehrtens authored
Compile-tested: armvirt/64, lantiq/xrx200 Run-tested: armvirt/64, lantiq/xrx200 Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
Mathias Kresin authored
Due to SCHED_FIFO being a broken scheduler model, all users of sched_setscheduler() are converted to sched_set_fifo_low() upstream and sched_setscheduler() is no longer exported. The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. Signed-off-by:
Mathias Kresin <dev@kresin.me> (cherry picked from commit 31f3f797) [Add DECLARE_TASKLET handling for kernel 5.4.235 too] Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
- Mar 27, 2023
-
-
Mathias Kresin authored
The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. The stuck queue is now passed to ndo_tx_timeout callback but not used so far. Signed-off-by:
Mathias Kresin <dev@kresin.me> (cherry picked from commit 804c5414) [Add DECLARE_TASKLET handling for kernel 5.4.235 too] Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
John Audia authored
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480 Signed-off-by:
John Audia <therealgraysky@proton.me> (cherry picked from commit fbfec328)
-
Hauke Mehrtens authored
Compile-tested: armvirt/64, lantiq/xrx200 Run-tested: armvirt/64 Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
Rafał Miłecki authored
Signed-off-by:
Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit cb266184)
-
Rafał Miłecki authored
Signed-off-by:
Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ffaabee9)
-
- Mar 04, 2023
-
-
Christian Lamparter authored
This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697 > Reported-by:
Chen Minqiang <ptpt52@gmail.com> Reported-by:
Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by:
Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 25bc66eb)
-